diff options
| author | Tom Rini <trini@ti.com> | 2014-04-17 14:33:25 -0400 |
|---|---|---|
| committer | Tom Rini <trini@ti.com> | 2014-04-17 14:33:25 -0400 |
| commit | 0f507779ca00d90cdd4bcc8252630370339b7ea6 (patch) | |
| tree | a91a89ac67dcbd42c8a4357501d155a129fa1e5a /common | |
| parent | 0f605c1501f6e82553e9affc6e17876a85db408c (diff) | |
| parent | ece0d370144fdecb6f3ed5738ffe96f5b12f9e96 (diff) | |
| download | u-boot-0f507779ca00d90cdd4bcc8252630370339b7ea6.tar.gz | |
Merge branch 'next'
Diffstat (limited to 'common')
| -rw-r--r-- | common/Makefile | 1 | ||||
| -rw-r--r-- | common/cmd_aes.c | 89 | ||||
| -rw-r--r-- | common/cmd_fdt.c | 42 | ||||
| -rw-r--r-- | common/env_common.c | 79 | ||||
| -rw-r--r-- | common/env_dataflash.c | 17 | ||||
| -rw-r--r-- | common/env_eeprom.c | 12 | ||||
| -rw-r--r-- | common/env_fat.c | 12 | ||||
| -rw-r--r-- | common/env_flash.c | 21 | ||||
| -rw-r--r-- | common/env_mmc.c | 12 | ||||
| -rw-r--r-- | common/env_nand.c | 13 | ||||
| -rw-r--r-- | common/env_nvram.c | 12 | ||||
| -rw-r--r-- | common/env_onenand.c | 13 | ||||
| -rw-r--r-- | common/env_sf.c | 24 | ||||
| -rw-r--r-- | common/env_ubi.c | 27 | ||||
| -rw-r--r-- | common/hash.c | 116 | ||||
| -rw-r--r-- | common/image-fit.c | 5 | ||||
| -rw-r--r-- | common/image-sig.c | 63 |
17 files changed, 429 insertions, 129 deletions
diff --git a/common/Makefile b/common/Makefile index cecd81a9a0..7c853ae442 100644 --- a/common/Makefile +++ b/common/Makefile @@ -48,6 +48,7 @@ obj-$(CONFIG_ENV_IS_IN_UBI) += env_ubi.o obj-$(CONFIG_ENV_IS_NOWHERE) += env_nowhere.o # command +obj-$(CONFIG_CMD_AES) += cmd_aes.o obj-$(CONFIG_CMD_AMBAPP) += cmd_ambapp.o obj-$(CONFIG_SOURCE) += cmd_source.o obj-$(CONFIG_CMD_SOURCE) += cmd_source.o diff --git a/common/cmd_aes.c b/common/cmd_aes.c new file mode 100644 index 0000000000..76da3efffe --- /dev/null +++ b/common/cmd_aes.c @@ -0,0 +1,89 @@ +/* + * Copyright (C) 2014 Marek Vasut <marex@denx.de> + * + * Command for en/de-crypting block of memory with AES-128-CBC cipher. + * + * SPDX-License-Identifier: GPL-2.0+ + */ + +#include <common.h> +#include <command.h> +#include <environment.h> +#include <aes.h> +#include <malloc.h> +#include <asm/byteorder.h> +#include <linux/compiler.h> + +DECLARE_GLOBAL_DATA_PTR; + +/** + * do_aes() - Handle the "aes" command-line command + * @cmdtp: Command data struct pointer + * @flag: Command flag + * @argc: Command-line argument count + * @argv: Array of command-line arguments + * + * Returns zero on success, CMD_RET_USAGE in case of misuse and negative + * on error. + */ +static int do_aes(cmd_tbl_t *cmdtp, int flag, int argc, char *const argv[]) +{ + uint32_t key_addr, src_addr, dst_addr, len; + uint8_t *key_ptr, *src_ptr, *dst_ptr; + uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; + uint32_t aes_blocks; + int enc; + + if (argc != 6) + return CMD_RET_USAGE; + + if (!strncmp(argv[1], "enc", 3)) + enc = 1; + else if (!strncmp(argv[1], "dec", 3)) + enc = 0; + else + return CMD_RET_USAGE; + + key_addr = simple_strtoul(argv[2], NULL, 16); + src_addr = simple_strtoul(argv[3], NULL, 16); + dst_addr = simple_strtoul(argv[4], NULL, 16); + len = simple_strtoul(argv[5], NULL, 16); + + key_ptr = (uint8_t *)key_addr; + src_ptr = (uint8_t *)src_addr; + dst_ptr = (uint8_t *)dst_addr; + + /* First we expand the key. */ + aes_expand_key(key_ptr, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = DIV_ROUND_UP(len, AES_KEY_LENGTH); + + if (enc) + aes_cbc_encrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, src_ptr, dst_ptr, aes_blocks); + + return 0; +} + +/***************************************************/ +#ifdef CONFIG_SYS_LONGHELP +static char aes_help_text[] = + "enc key src dst len - Encrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key and store the result at address\n" + " $dst. The $len size must be multiple of\n" + " 16 bytes and $key must be 16 bytes long.\n" + "aes dec key src dst len - Decrypt block of data $len bytes long\n" + " at address $src using a key at address\n" + " $key and store the result at address\n" + " $dst. The $len size must be multiple of\n" + " 16 bytes and $key must be 16 bytes long."; +#endif + +U_BOOT_CMD( + aes, 6, 1, do_aes, + "AES 128 CBC encryption", + aes_help_text +); diff --git a/common/cmd_fdt.c b/common/cmd_fdt.c index 3a9edd6468..a6744ed9c2 100644 --- a/common/cmd_fdt.c +++ b/common/cmd_fdt.c @@ -570,7 +570,7 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) ft_board_setup(working_fdt, gd->bd); #endif /* Create a chosen node */ - else if (argv[1][0] == 'c') { + else if (strncmp(argv[1], "cho", 3) == 0) { unsigned long initrd_start = 0, initrd_end = 0; if ((argc != 2) && (argc != 4)) @@ -583,6 +583,41 @@ static int do_fdt(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) fdt_chosen(working_fdt, 1); fdt_initrd(working_fdt, initrd_start, initrd_end, 1); + +#if defined(CONFIG_FIT_SIGNATURE) + } else if (strncmp(argv[1], "che", 3) == 0) { + int cfg_noffset; + int ret; + unsigned long addr; + struct fdt_header *blob; + + if (!working_fdt) + return CMD_RET_FAILURE; + + if (argc > 2) { + addr = simple_strtoul(argv[2], NULL, 16); + blob = map_sysmem(addr, 0); + } else { + blob = (struct fdt_header *)gd->fdt_blob; + } + if (!fdt_valid(&blob)) + return 1; + + gd->fdt_blob = blob; + cfg_noffset = fit_conf_get_node(working_fdt, NULL); + if (!cfg_noffset) { + printf("Could not find configuration node: %s\n", + fdt_strerror(cfg_noffset)); + return CMD_RET_FAILURE; + } + + ret = fit_config_verify(working_fdt, cfg_noffset); + if (ret == 1) + return CMD_RET_SUCCESS; + else + return CMD_RET_FAILURE; +#endif + } /* resize the fdt */ else if (strncmp(argv[1], "re", 2) == 0) { @@ -992,6 +1027,11 @@ static char fdt_help_text[] = "fdt rsvmem delete <index> - Delete a mem reserves\n" "fdt chosen [<start> <end>] - Add/update the /chosen branch in the tree\n" " <start>/<end> - initrd start/end addr\n" +#if defined(CONFIG_FIT_SIGNATURE) + "fdt checksign [<addr>] - check FIT signature\n" + " <start> - addr of key blob\n" + " default gd->fdt_blob\n" +#endif "NOTE: Dereference aliases by omiting the leading '/', " "e.g. fdt print ethernet0."; #endif diff --git a/common/env_common.c b/common/env_common.c index c0bfc2f5db..cd7b4cd1df 100644 --- a/common/env_common.c +++ b/common/env_common.c @@ -140,6 +140,52 @@ int set_default_vars(int nvars, char * const vars[]) H_NOCLEAR | H_INTERACTIVE, nvars, vars); } +#ifdef CONFIG_ENV_AES +#include <aes.h> +/** + * env_aes_cbc_get_key() - Get AES-128-CBC key for the environment + * + * This function shall return 16-byte array containing AES-128 key used + * to encrypt and decrypt the environment. This function must be overriden + * by the implementer as otherwise the environment encryption will not + * work. + */ +__weak uint8_t *env_aes_cbc_get_key(void) +{ + return NULL; +} + +static int env_aes_cbc_crypt(env_t *env, const int enc) +{ + unsigned char *data = env->data; + uint8_t *key; + uint8_t key_exp[AES_EXPAND_KEY_LENGTH]; + uint32_t aes_blocks; + + key = env_aes_cbc_get_key(); + if (!key) + return -EINVAL; + + /* First we expand the key. */ + aes_expand_key(key, key_exp); + + /* Calculate the number of AES blocks to encrypt. */ + aes_blocks = ENV_SIZE / AES_KEY_LENGTH; + + if (enc) + aes_cbc_encrypt_blocks(key_exp, data, data, aes_blocks); + else + aes_cbc_decrypt_blocks(key_exp, data, data, aes_blocks); + + return 0; +} +#else +static inline int env_aes_cbc_crypt(env_t *env, const int enc) +{ + return 0; +} +#endif + /* * Check if CRC is valid and (if yes) import the environment. * Note that "buf" may or may not be aligned. @@ -147,6 +193,7 @@ int set_default_vars(int nvars, char * const vars[]) int env_import(const char *buf, int check) { env_t *ep = (env_t *)buf; + int ret; if (check) { uint32_t crc; @@ -159,6 +206,14 @@ int env_import(const char *buf, int check) } } + /* Decrypt the env if desired. */ + ret = env_aes_cbc_crypt(ep, 0); + if (ret) { + error("Failed to decrypt env!\n"); + set_default_env("!import failed"); + return ret; + } + if (himport_r(&env_htab, (char *)ep->data, ENV_SIZE, '\0', 0, 0, NULL)) { gd->flags |= GD_FLG_ENV_READY; @@ -172,6 +227,30 @@ int env_import(const char *buf, int check) return 0; } +/* Emport the environment and generate CRC for it. */ +int env_export(env_t *env_out) +{ + char *res; + ssize_t len; + int ret; + + res = (char *)env_out->data; + len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); + if (len < 0) { + error("Cannot export environment: errno = %d\n", errno); + return 1; + } + + /* Encrypt the env if desired. */ + ret = env_aes_cbc_crypt(env_out, 1); + if (ret) + return ret; + + env_out->crc = crc32(0, env_out->data, ENV_SIZE); + + return 0; +} + void env_relocate(void) { #if defined(CONFIG_NEEDS_MANUAL_RELOC) diff --git a/common/env_dataflash.c b/common/env_dataflash.c index b53b87e958..034e323169 100644 --- a/common/env_dataflash.c +++ b/common/env_dataflash.c @@ -56,17 +56,12 @@ void env_relocate_spec(void) int saveenv(void) { - env_t env_new; - ssize_t len; - char *res; - - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); + env_t env_new; + int ret; + + ret = env_export(&env_new); + if (ret) + return ret; return write_dataflash(CONFIG_ENV_ADDR, (unsigned long)&env_new, diff --git a/common/env_eeprom.c b/common/env_eeprom.c index 0db2bb63fe..490ac731b3 100644 --- a/common/env_eeprom.c +++ b/common/env_eeprom.c @@ -98,8 +98,6 @@ void env_relocate_spec(void) int saveenv(void) { env_t env_new; - ssize_t len; - char *res; int rc; unsigned int off = CONFIG_ENV_OFFSET; #ifdef CONFIG_ENV_OFFSET_REDUND @@ -109,13 +107,9 @@ int saveenv(void) BUG_ON(env_ptr != NULL); - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); + rc = env_export(&env_new); + if (rc) + return rc; #ifdef CONFIG_ENV_OFFSET_REDUND if (gd->env_valid == 1) { diff --git a/common/env_fat.c b/common/env_fat.c index 708fd13dc7..aad0487c32 100644 --- a/common/env_fat.c +++ b/common/env_fat.c @@ -37,19 +37,14 @@ int env_init(void) int saveenv(void) { env_t env_new; - ssize_t len; - char *res; block_dev_desc_t *dev_desc = NULL; int dev = FAT_ENV_DEVICE; int part = FAT_ENV_PART; int err; - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } + err = env_export(&env_new); + if (err) + return err; #ifdef CONFIG_MMC if (strcmp(FAT_ENV_INTERFACE, "mmc") == 0) { @@ -79,7 +74,6 @@ int saveenv(void) return 1; } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); err = file_fat_write(FAT_ENV_FILE, (void *)&env_new, sizeof(env_t)); if (err == -1) { printf("\n** Unable to write \"%s\" from %s%d:%d **\n", diff --git a/common/env_flash.c b/common/env_flash.c index 7d5a4cfc8a..b3ad908894 100644 --- a/common/env_flash.c +++ b/common/env_flash.c @@ -106,8 +106,7 @@ int env_init(void) int saveenv(void) { env_t env_new; - ssize_t len; - char *res, *saved_data = NULL; + char *saved_data = NULL; char flag = OBSOLETE_FLAG, new_flag = ACTIVE_FLAG; int rc = 1; #if CONFIG_ENV_SECT_SIZE > CONFIG_ENV_SIZE @@ -125,13 +124,9 @@ int saveenv(void) if (flash_sect_protect(0, (ulong)flash_addr_new, end_addr_new)) goto done; - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - goto done; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); + rc = env_export(&env_new); + if (rc) + return rc; env_new.flags = new_flag; #if CONFIG_ENV_SECT_SIZE > CONFIG_ENV_SIZE @@ -258,13 +253,9 @@ int saveenv(void) if (flash_sect_protect(0, (long)flash_addr, end_addr)) goto done; - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); + rc = env_export(&env_new); + if (rc) goto done; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); puts("Erasing Flash..."); if (flash_sect_erase((long)flash_addr, end_addr)) diff --git a/common/env_mmc.c b/common/env_mmc.c index 045428c6ec..c99fc750fa 100644 --- a/common/env_mmc.c +++ b/common/env_mmc.c @@ -118,8 +118,6 @@ static unsigned char env_flags; int saveenv(void) { ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); - ssize_t len; - char *res; struct mmc *mmc = find_mmc_device(CONFIG_SYS_MMC_ENV_DEV); u32 offset; int ret, copy = 0; @@ -127,15 +125,9 @@ int saveenv(void) if (init_mmc_for_env(mmc)) return 1; - res = (char *)&env_new->data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - ret = 1; + ret = env_export(env_new); + if (ret) goto fini; - } - - env_new->crc = crc32(0, &env_new->data[0], ENV_SIZE); #ifdef CONFIG_ENV_OFFSET_REDUND env_new->flags = ++env_flags; /* increase the serial */ diff --git a/common/env_nand.c b/common/env_nand.c index 695a9eebb0..5a734a9321 100644 --- a/common/env_nand.c +++ b/common/env_nand.c @@ -181,8 +181,6 @@ int saveenv(void) { int ret = 0; ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); - ssize_t len; - char *res; int env_idx = 0; static const struct env_location location[] = { { @@ -207,13 +205,10 @@ int saveenv(void) if (CONFIG_ENV_RANGE < CONFIG_ENV_SIZE) return 1; - res = (char *)&env_new->data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); + ret = env_export(env_new); + if (ret) + return ret; + #ifdef CONFIG_ENV_OFFSET_REDUND env_new->flags = ++env_flags; /* increase the serial */ env_idx = (gd->env_valid == 1); diff --git a/common/env_nvram.c b/common/env_nvram.c index 0866cde924..524f07d5f8 100644 --- a/common/env_nvram.c +++ b/common/env_nvram.c @@ -69,17 +69,11 @@ void env_relocate_spec(void) int saveenv(void) { env_t env_new; - ssize_t len; - char *res; int rcode = 0; - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); + rcode = env_export(&env_new); + if (rcode) + return rcode; #ifdef CONFIG_SYS_NVRAM_ACCESS_ROUTINE nvram_write(CONFIG_ENV_ADDR, &env_new, CONFIG_ENV_SIZE); diff --git a/common/env_onenand.c b/common/env_onenand.c index 4b44632180..cc3d670de8 100644 --- a/common/env_onenand.c +++ b/common/env_onenand.c @@ -66,8 +66,7 @@ void env_relocate_spec(void) int saveenv(void) { env_t env_new; - ssize_t len; - char *res; + int ret; struct mtd_info *mtd = &onenand_mtd; #ifdef CONFIG_ENV_ADDR_FLEX struct onenand_chip *this = &onenand_chip; @@ -78,13 +77,9 @@ int saveenv(void) .callback = NULL, }; - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); + ret = env_export(&env_new); + if (ret) + return ret; instr.len = CONFIG_ENV_SIZE; #ifdef CONFIG_ENV_ADDR_FLEX diff --git a/common/env_sf.c b/common/env_sf.c index be270f21bc..37ab13ae17 100644 --- a/common/env_sf.c +++ b/common/env_sf.c @@ -47,8 +47,7 @@ static struct spi_flash *env_flash; int saveenv(void) { env_t env_new; - ssize_t len; - char *res, *saved_buffer = NULL, flag = OBSOLETE_FLAG; + char *saved_buffer = NULL, flag = OBSOLETE_FLAG; u32 saved_size, saved_offset, sector = 1; int ret; @@ -62,13 +61,9 @@ int saveenv(void) } } - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); + ret = env_export(&env_new); + if (ret) + return ret; env_new.flags = ACTIVE_FLAG; if (gd->env_valid == 1) { @@ -225,10 +220,9 @@ out: int saveenv(void) { u32 saved_size, saved_offset, sector = 1; - char *res, *saved_buffer = NULL; + char *saved_buffer = NULL; int ret = 1; env_t env_new; - ssize_t len; if (!env_flash) { env_flash = spi_flash_probe(CONFIG_ENV_SPI_BUS, @@ -260,13 +254,9 @@ int saveenv(void) sector++; } - res = (char *)&env_new.data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); + ret = env_export(&env_new); + if (ret) goto done; - } - env_new.crc = crc32(0, env_new.data, ENV_SIZE); puts("Erasing SPI flash..."); ret = spi_flash_erase(env_flash, CONFIG_ENV_OFFSET, diff --git a/common/env_ubi.c b/common/env_ubi.c index c0828a47d3..77bbfa6ef4 100644 --- a/common/env_ubi.c +++ b/common/env_ubi.c @@ -37,15 +37,11 @@ static unsigned char env_flags; int saveenv(void) { ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); - ssize_t len; - char *res; + int ret; - res = (char *)&env_new->data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } + ret = env_export(env_new); + if (ret) + return ret; if (ubi_part(CONFIG_ENV_UBI_PART, NULL)) { printf("\n** Cannot find mtd partition \"%s\"\n", @@ -53,7 +49,6 @@ int saveenv(void) return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); env_new->flags = ++env_flags; /* increase the serial */ if (gd->env_valid == 1) { @@ -86,15 +81,11 @@ int saveenv(void) int saveenv(void) { ALLOC_CACHE_ALIGN_BUFFER(env_t, env_new, 1); - ssize_t len; - char *res; + int ret; - res = (char *)&env_new->data; - len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL); - if (len < 0) { - error("Cannot export environment: errno = %d\n", errno); - return 1; - } + ret = env_export(env_new); + if (ret) + return ret; if (ubi_part(CONFIG_ENV_UBI_PART, NULL)) { printf("\n** Cannot find mtd partition \"%s\"\n", @@ -102,8 +93,6 @@ int saveenv(void) return 1; } - env_new->crc = crc32(0, env_new->data, ENV_SIZE); - if (ubi_volume_write(CONFIG_ENV_UBI_VOLUME, (void *)env_new, CONFIG_ENV_SIZE)) { printf("\n** Unable to write env to %s:%s **\n", diff --git a/common/hash.c b/common/hash.c index 872cd85428..7627b84b45 100644 --- a/common/hash.c +++ b/common/hash.c @@ -12,6 +12,7 @@ #include <common.h> #include <command.h> +#include <malloc.h> #include <hw_sha.h> #include <hash.h> #include <sha1.h> @@ -19,6 +20,88 @@ #include <asm/io.h> #include <asm/errno.h> +#ifdef CONFIG_CMD_SHA1SUM +static int hash_init_sha1(struct hash_algo *algo, void **ctxp) +{ + sha1_context *ctx = malloc(sizeof(sha1_context)); + sha1_starts(ctx); + *ctxp = ctx; + return 0; +} + +static int hash_update_sha1(struct hash_algo *algo, void *ctx, const void *buf, + unsigned int size, int is_last) +{ + sha1_update((sha1_context *)ctx, buf, size); + return 0; +} + +static int hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, + int size) +{ + if (size < algo->digest_size) + return -1; + + sha1_finish((sha1_context *)ctx, dest_buf); + free(ctx); + return 0; +} +#endif + +#ifdef CONFIG_SHA256 +static int hash_init_sha256(struct hash_algo *algo, void **ctxp) +{ + sha256_context *ctx = malloc(sizeof(sha256_context)); + sha256_starts(ctx); + *ctxp = ctx; + return 0; +} + +static int hash_update_sha256(struct hash_algo *algo, void *ctx, + const void *buf, unsigned int size, int is_last) +{ + sha256_update((sha256_context *)ctx, buf, size); + return 0; +} + +static int hash_finish_sha256(struct hash_algo *algo, void *ctx, void + *dest_buf, int size) +{ + if (size < algo->digest_size) + return -1; + + sha256_finish((sha256_context *)ctx, dest_buf); + free(ctx); + return 0; +} +#endif + +static int hash_init_crc32(struct hash_algo *algo, void **ctxp) +{ + uint32_t *ctx = malloc(sizeof(uint32_t)); + *ctx = 0; + *ctxp = ctx; + return 0; +} + +static int hash_update_crc32(struct hash_algo *algo, void *ctx, + const void *buf, unsigned int size, int is_last) +{ + *((uint32_t *)ctx) = crc32(*((uint32_t *)ctx), buf, size); + return 0; +} + +static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf, + int size) +{ + if (size < algo->digest_size) + return -1; + + *((uint32_t *)dest_buf) = *((uint32_t *)ctx); + free(ctx); + return 0; +} + /* * These are the hash algorithms we support. Chips which support accelerated * crypto could perhaps add named version of these algorithms here. Note that @@ -53,6 +136,9 @@ static struct hash_algo hash_algo[] = { SHA1_SUM_LEN, sha1_csum_wd, CHUNKSZ_SHA1, + hash_init_sha1, + hash_update_sha1, + hash_finish_sha1, }, #define MULTI_HASH #endif @@ -62,6 +148,9 @@ static struct hash_algo hash_algo[] = { SHA256_SUM_LEN, sha256_csum_wd, CHUNKSZ_SHA256, + hash_init_sha256, + hash_update_sha256, + hash_finish_sha256, }, #define MULTI_HASH #endif @@ -70,6 +159,9 @@ static struct hash_algo hash_algo[] = { 4, crc32_wd_buf, CHUNKSZ_CRC32, + hash_init_crc32, + hash_update_crc32, + hash_finish_crc32, }, }; @@ -204,16 +296,19 @@ static int parse_verify_sum(struct hash_algo *algo, char *verify_str, u8 *vsum, return 0; } -static struct hash_algo *find_hash_algo(const char *name) +int hash_lookup_algo(const char *algo_name, struct hash_algo **algop) { int i; for (i = 0; i < ARRAY_SIZE(hash_algo); i++) { - if (!strcmp(name, hash_algo[i].name)) - return &hash_algo[i]; + if (!strcmp(algo_name, hash_algo[i].name)) { + *algop = &hash_algo[i]; + return 0; + } } - return NULL; + debug("Unknown hash algorithm '%s'\n", algo_name); + return -EPROTONOSUPPORT; } static void show_hash(struct hash_algo *algo, ulong addr, ulong len, @@ -230,12 +325,12 @@ int hash_block(const char *algo_name, const void *data, unsigned int len, uint8_t *output, int *output_size) { struct hash_algo *algo; + int ret; + + ret = hash_lookup_algo(algo_name, &algo); + if (ret) + return ret; - algo = find_hash_algo(algo_name); - if (!algo) { - debug("Unknown hash algorithm '%s'\n", algo_name); - return -EPROTONOSUPPORT; - } if (output_size && *output_size < algo->digest_size) { debug("Output buffer size %d too small (need %d bytes)", *output_size, algo->digest_size); @@ -265,8 +360,7 @@ int hash_command(const char *algo_name, int flags, cmd_tbl_t *cmdtp, int flag, u8 vsum[HASH_MAX_DIGEST_SIZE]; void *buf; - algo = find_hash_algo(algo_name); - if (!algo) { + if (hash_lookup_algo(algo_name, &algo)) { printf("Unknown hash algorithm '%s'\n", algo_name); return CMD_RET_USAGE; } diff --git a/common/image-fit.c b/common/image-fit.c index b94a3fe86d..77f32bce31 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -22,6 +22,7 @@ DECLARE_GLOBAL_DATA_PTR; #include <bootstage.h> #include <sha1.h> +#include <sha256.h> #include <u-boot/crc.h> #include <u-boot/md5.h> @@ -882,6 +883,10 @@ int calculate_hash(const void *data, int data_len, const char *algo, sha1_csum_wd((unsigned char *)data, data_len, (unsigned char *)value, CHUNKSZ_SHA1); *value_len = 20; + } else if (IMAGE_ENABLE_SHA256 && strcmp(algo, "sha256") == 0) { + sha256_csum_wd((unsigned char *)data, data_len, + (unsigned char *)value, CHUNKSZ_SHA256); + *value_len = SHA256_SUM_LEN; } else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) { md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5); *value_len = 16; diff --git a/common/image-sig.c b/common/image-sig.c index 973b06d505..72284eb1d1 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -14,16 +14,79 @@ DECLARE_GLOBAL_DATA_PTR; #endif /* !USE_HOSTCC*/ #include <image.h> #include <rsa.h> +#include <rsa-checksum.h> #define IMAGE_MAX_HASHED_NODES 100 +#ifdef USE_HOSTCC +void *host_blob; +void image_set_host_blob(void *blob) +{ + host_blob = blob; +} +void *image_get_host_blob(void) +{ + return host_blob; +} +#endif + +struct checksum_algo checksum_algos[] = { + { + "sha1", + SHA1_SUM_LEN, + RSA2048_BYTES, +#if IMAGE_ENABLE_SIGN + EVP_sha1, +#endif + sha1_calculate, + padding_sha1_rsa2048, + }, + { + "sha256", + SHA256_SUM_LEN, + RSA2048_BYTES, +#if IMAGE_ENABLE_SIGN + EVP_sha256, +#endif + sha256_calculate, + padding_sha256_rsa2048, + }, + { + "sha256", + SHA256_SUM_LEN, + RSA4096_BYTES, +#if IMAGE_ENABLE_SIGN + EVP_sha256, +#endif + sha256_calculate, + padding_sha256_rsa4096, + } + +}; + struct image_sig_algo image_sig_algos[] = { { "sha1,rsa2048", rsa_sign, rsa_add_verify_data, rsa_verify, + &checksum_algos[0], + }, + { + "sha256,rsa2048", + rsa_sign, + rsa_add_verify_data, + rsa_verify, + &checksum_algos[1], + }, + { + "sha256,rsa4096", + rsa_sign, + rsa_add_verify_data, + rsa_verify, + &checksum_algos[2], } + }; struct image_sig_algo *image_get_sig_algo(const char *name) |